Managed Detection & Response: MDR, the new frontier in cyber security
The expression Managed Detection & Response (MDR) refers to outsourced IT security services designed specifically to enhance companies’ defense strategies, supporting them in identifying and containing threats to private data and resources before they get out of hand.
The volume, variety, and complexity of cyber attacks have increased exponentially in recent years, to the point that organizations sometimes struggle to keep up and keep their guard up within their cyber security departments.
MDR – Managed Detection & Response services are designed precisely to meet these difficulties, with timely checks and rapid responses to incidents, combining technological solutions and in-depth risk analysis. The goal is to become an extension of the teams that deal with IT security in companies and, where these teams are absent, to exercise their role.
What the Managed Detection & Response services offer and their benefits
MDR services provide a “turnkey” alternative for companies looking for advanced security products, integrating tools and methodologies that – for different reasons – Security Operations Center teams are not always able to acquire and maintain over time.
Thanks to these services, the level of monitoring, detection, and analysis of cyber security threats is raised without the company necessarily having to bear the challenges and costs of internal security staff.
Managed Detection & Response services are not limited to increased remote threat detection and response capabilities; they can also provide proactive defense by anticipating problems and providing detailed information on the type of threat.
Companies often ask why they should choose MDR services over a Managed Security Services Provider (MSSP). One expert responds by pointing out that the former are services focused on the threat and the management of vulnerabilities, to which they are designed to be “reactive.” Unlike Managed Security Services Providers, they focus on detecting and responding to risks rather than monitoring security alerts.
Additionally, MSSPs manage firewalls, but they don’t provide the same level of threat research or forensic analysis as MDRs. They can recognize security problems but not reveal the details of the dangers.
Among the peculiarities of Managed Detection & Response services is that they provide monitoring 24 hours a day, seven days a week, by expert cyber security analysts who detect and respond to threats on managed endpoints.
Managed Detection & Response – Remote control in real-time, 24/7
Detection enjoys particularly extensive coverage, along with genuinely proactive “hunting” of threats – based on indicators and acquired behaviors – followed by timely responses, forensic analyses, and higher-level investigations.
Some MDR services use, in particular, artificial intelligence systems for advanced and accurate risk detection, managing to sift through millions of network events and identify suspicious activity.
Then, depending on the type of threat and the targeted environment, it could impact data privacy, availability for operations (for example, a destructive ransomware event), privacy (for example, a customer data breach), or even physical security.
Who is the MDR market for?
Thanks to the progressive growth of the market and increasing awareness on the part of companies (+44% of requests from end-users during 2020), according to Gartner analysts, by 2025, 50% of organizations will use Managed Detection & Response as their only security service for monitoring, detection and response to cyber threats.
Already starting from mid-2020 – reads Gartner’s analysis – MDR services have been available from a growing number of suppliers, some entirely new and others who, on the other hand, are adapting their offers to align them with the characteristics of MDR.
Many of these have chosen to address certain vertical sectors, within which they can offer specific skills and services – such as, for example, critical infrastructures or production sites – or where there are particular problems related to the privacy and confidentiality of data, such as the health sector.
The structures that MDR service providers address include organizations that have minimal functionality for internal threats and for which a Managed Detection & Response service sometimes constitutes the set of basic security operations.
These companies – observes Gartner – usually have few, if any, specific cyber security experts in-house, nor do they have the experience necessary to apply some of the advanced technologies used in the context of six MDR services, 24 hours a day, seven days a week.
Then there are organizations that want to set up a “modern” Security Operations Center by outsourcing everything to a provider, leaving themselves free to concentrate their internal resources on other security activities.
Finally, there are also companies that have a Security Operations Center but wish to use MDR services to fill some of their gaps (such as, for example, the search for threats) or to have a “third eye” where they cannot keep up with mapping the dangers to IT security.
In short – according to Gartner – the starting point for the adoption of Managed Detection & Response services seems to come from the answer to the question, “Do we have everything necessary to detect the most common and known threats?”
Some guidelines for choosing Managed Detection & Response
Gartner, in its market analysis, also sets out some points that companies wishing to rely on MDR service providers should – in its opinion – consider.
First of all, it emphasizes that – as with any other outsourced activity, regardless of the chosen supplier – if the objectives to be achieved are not clearly defined from the outset, the chances of success will be reduced.
It also warns that, for an organization, the purchase of MDR services does not replace the minimum “basis” for a strategy to defend against cyberattacks, and does not exempt the organization from having that basis in place.
Corporate security policies and procedures are considered necessary (in Europe, the GDPR requires them), and some MDR vendors cannot help their customers develop them.
In addition, once the services have been purchased, it may be necessary to involve other internal departments – such as, for example, Human Resources and the Legal Department – which a Managed Detection & Response service will never be able to replace.
In addition to what the MDR vendor is ready to support, companies should request incident response “retention” to address major breaches of security safeguards.
Finally, the analyst remarks that it is important to focus on MDR providers in your geographic area or those who use a data collection architecture that adheres to data residency requirements. And if you have data residency and high privacy or other compliance requirements, you need to verify that MDR providers can meet them.